FTC Chairman Warns Tech Giants Against Weakening Data Security Under Foreign Pressure

Key Takeaways

• FTC Warning Letters: Chairman Andrew Ferguson sent letters to more than a dozen major tech firms, including Alphabet, Amazon, Apple, Meta, Microsoft, and X, cautioning against weakening protections for Americans.
• Foreign Law Pressure: The EU’s Digital Services Act, the UK’s Online Safety Act, and the UK’s Investigatory Powers Act were cited as laws that could incentivize censorship or force weaker encryption.
• FTC Act Compliance: Ferguson reminded companies they remain bound by the FTC Act’s prohibition on unfair and deceptive practices, regardless of foreign demands.
• Encryption Risk: Promising end-to-end encryption but secretly weakening protections to comply with foreign requirements could be deemed a deceptive practice under U.S. law.
• Enforcement Focus: The FTC signaled increased scrutiny of how global regulatory pressures impact Americans’ data security and free expression.

Deep Dive

Federal Trade Commission (FTC) Chairman Andrew N. Ferguson has issued a pointed warning to some of the world’s biggest technology companies to not weaken Americans’ data security or censor speech at the request of foreign governments.

In letters sent on August 21 to more than a dozen major firms (including Akamai, Alphabet, Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X) Ferguson reminded executives of their obligations under U.S. law to protect consumer privacy and data security, even as they face increasing regulatory demands abroad.

The correspondence highlighted recent legislation in Europe and the United Kingdom, such as the EU’s Digital Services Act and the UK’s Online Safety Act, which set requirements for content management, as well as the UK’s Investigatory Powers Act, which enables government access to certain communications data. Ferguson noted that while companies may face obligations abroad, they remain accountable under U.S. law for the commitments they make to consumers at home.

“I am concerned that these actions by foreign powers to impose censorship and weaken end-to-end encryption will erode Americans’ freedoms and subject them to myriad harms, such as surveillance by foreign governments and an increased risk of identity theft and fraud,” Ferguson wrote.

The Chairman emphasized that under the FTC Act, it is unlawful for companies to mislead consumers about the privacy or security protections they provide. For instance, if a company markets its services as end-to-end encrypted but adopts weaker measures, that could constitute a deceptive practice under U.S. law.

The letters demonstrate the FTC’s growing focus on how companies navigate international regulatory requirements while maintaining compliance with U.S. consumer protection standards. For global firms, the challenge lies in balancing overlapping obligations without compromising on transparency or the protections promised to users in different jurisdictions.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.